w*s 发帖数: 7227 | 1 Yes, while i'm working on node.js, i still love perl, :)
The old web product is based on old perl CGI, i'm looking to the simplest
way to fix XSS/Sql injection/etc. web security holes.
So for Catalyst Dancer Mason Maypole Mojolicious
which one should i use in the ARM platform ? Thank you ! | c*********e 发帖数: 16335 | 2 XSS/csrf/Sql injection是因为用户数据里有tags, ' "之类的东西。和语言无关。
我最近做了一网站,为了防止sql injection,csrf,xss,用到了很多种方法。escape
' "据说不能防止所有的sql injection,但是我一直想知道一个例子。
【在 w*s 的大作中提到】 : Yes, while i'm working on node.js, i still love perl, :) : The old web product is based on old perl CGI, i'm looking to the simplest : way to fix XSS/Sql injection/etc. web security holes. : So for Catalyst Dancer Mason Maypole Mojolicious : which one should i use in the ARM platform ? Thank you !
| w*s 发帖数: 7227 | 3 from others
You have fallen foul of the primarily opinion-based off-topic categorisation
, and your question will probably be closed very soon. However I think it's
worth offering a few guidelines here
First of all you should absorb what is written in CGI::Alternatives as it is
a reasonable summary of the subject
Next you should separate the HTML generation functionality of your existing
CGI code from the interface itself, and consider replacements for each of
them separately. If you were to use HTML::Tiny together with CGI::Simple
then your code would have to change very little and you would have achieved
better partitioning of functionality
Ideally you will move on to one of the many templating systems such as
Template Toolkit, together with one of the frameworks, which is the topic of
your question. In the end you will need to do a lot of research and many
trials to discover how well each framework fits your requirement, in terms
of both the feature list and the convenience and clarity of the API
All I can do here is suggest that the Mojolicious suite may be a good
starting point. The API focuses on command chaining in a way similar to Ruby
, and there is a Mojolicious::Plugin::CGI accessory which will allow you to
execute CGI scripts unchanged during your migration
Note however that all of the frameworks that you mention, as well as several
others, will have their proponents. That is why you must make the selection
yourself, as such recommendations will be influenced primarily by
familiarity, and without your own knowledge of the requirements of your
project
Unfortunately I cannot speak to the security issues of the various options,
but I hope that has helped a little
【在 c*********e 的大作中提到】 : XSS/csrf/Sql injection是因为用户数据里有tags, ' "之类的东西。和语言无关。 : 我最近做了一网站,为了防止sql injection,csrf,xss,用到了很多种方法。escape : ' "据说不能防止所有的sql injection,但是我一直想知道一个例子。
| d****n 发帖数: 1637 | 4 用过Mojolicious, 在perl里就那呢几个web framework。也没啥选的。
用来写rest api 就一个字,累。
每个model都要写一边。再来个ACL就彻底停工了。比起ROR/sailsjs这东西真是不
efficient
categorisation
s
is
existing
achieved
【在 w*s 的大作中提到】 : from others : You have fallen foul of the primarily opinion-based off-topic categorisation : , and your question will probably be closed very soon. However I think it's : worth offering a few guidelines here : First of all you should absorb what is written in CGI::Alternatives as it is : a reasonable summary of the subject : Next you should separate the HTML generation functionality of your existing : CGI code from the interface itself, and consider replacements for each of : them separately. If you were to use HTML::Tiny together with CGI::Simple : then your code would have to change very little and you would have achieved
| w***g 发帖数: 5958 | 5 Dancer2,很好用。
【在 w*s 的大作中提到】 : Yes, while i'm working on node.js, i still love perl, :) : The old web product is based on old perl CGI, i'm looking to the simplest : way to fix XSS/Sql injection/etc. web security holes. : So for Catalyst Dancer Mason Maypole Mojolicious : which one should i use in the ARM platform ? Thank you !
| w*s 发帖数: 7227 | 6 旧的perl cgi code可以很容易move过来吗?
【在 w***g 的大作中提到】 : Dancer2,很好用。
|
|